kaiji | 220e1c910f9577a81be54290fb4751d009a1946026bd51990160bc506b2b68bd | Triage

Sharing

General

Target

220e1c910f9577a81be54290fb4751d009a1946026bd51990160bc506b2b68bd.elf
Size

5.1MB
Sample

241012-nerl1sxfmg
MD5

a2dc807281d4e53d566e8a27b5caae6a
SHA1

d704c9516c33fde2b362e0584dc6bcdbb0484962
SHA256

220e1c910f9577a81be54290fb4751d009a1946026bd51990160bc506b2b68bd
SHA512

e1dffa9e29bcadd098ba390eda9da813567b7cb30efa6b9eb5879327c948acc4a886a7562240f899a810d112b90eed6aa785cd486cd4659f406bb59418bdf75b
SSDEEP

49152:PJzG9XxZPF773LVPN9GnMbaVZGNJru8cYWPAXq7nLYvVorzmpxUIU1F1:hzG9Xn53LtN9pbu0Jru8cYWPAXqi

Score

10^/10

kaiji defense_evasion discovery persistence privilege_escalation

Malware Config

Extracted

Family

kaiji

C2

154.12.82.11:7878

Targets

- Target
  
  220e1c910f9577a81be54290fb4751d009a1946026bd51990160bc506b2b68bd.elf
- Size
  
  5.1MB
- MD5
  
  a2dc807281d4e53d566e8a27b5caae6a
- SHA1
  
  d704c9516c33fde2b362e0584dc6bcdbb0484962
- SHA256
  
  220e1c910f9577a81be54290fb4751d009a1946026bd51990160bc506b2b68bd
- SHA512
  
  e1dffa9e29bcadd098ba390eda9da813567b7cb30efa6b9eb5879327c948acc4a886a7562240f899a810d112b90eed6aa785cd486cd4659f406bb59418bdf75b
- SSDEEP
  
  49152:PJzG9XxZPF773LVPN9GnMbaVZGNJru8cYWPAXq7nLYvVorzmpxUIU1F1:hzG9Xn53LtN9pbu0Jru8cYWPAXqi
Score

7^/10

defense_evasion discovery persistence privilege_escalation
- Executes dropped EXE
- Modifies Watchdog functionality
  Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
  defense_evasion
- Enumerates running processes
  Discovers information about currently running processes on the system
- Modifies init.d
  Adds/modifies system service, likely for persistence.
  persistence
- Modifies systemd
  Adds/ modifies systemd service files. Likely to achieve persistence.
  persistence privilege_escalation
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

XDG Autostart Entries

Boot or Logon Initialization Scripts

RC Scripts

Create or Modify System Process

Systemd Service

Privilege Escalation

Boot or Logon Autostart Execution

XDG Autostart Entries

Boot or Logon Initialization Scripts

RC Scripts

Create or Modify System Process

Systemd Service

Defense Evasion

Impair Defenses

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

defense_evasiondiscoverypersistenceprivilege_escalation